Visual Studio Online Update – May 20th

The really big news is that we’ve completed the next step in the journey to fully supporting Active Directory integration through Azure Active Directory. You can now create a new VS Online account through any of the paths we offer and connect the new account to Azure Active Directory in the process. The news post has a bunch more detail, tutorials, etc.

This has been one of the top service requests for a while now. In fact, there are two highly voted Uservoice items related to it that we’ve partially addressed.

There’s actually a ton more work that we’ve had to do to get to this point than you might imagine. It’s not just about hooking up another authentication provider. We’ve tried to make the whole scenario work well. For instance.

MSDN subscriber benefits – Once you can login to VS Online with your corporate credentials, how are we going to recognize your MSDN subscription and give you credit for the license? We’ve had to add support to MSDN/VSO to enable you to specify a set of AAD credentials associated with your MSDN subscription by which you can get credit.

Interplay between AAD and Microsoft Accounts – Microsoft Accounts (Live IDs) can be added to AAD as “external identities", making them kind of virtual members of the directory. That creates all kinds of problems. It means that with the same Microsoft Account, you can be a member of multiple organizations. How do you see all of the VSO accounts in all of those organizations you have access to? We’ve updated the profile page to round them all up and show them. What about the fact that you only have one user profile – display name, picture, etc? Many organizations want to control things like that with policy in their organization. We’ve added support for organization specific profiles. So the profile is yours but it has a “personality” specific to each organization you are a member of.

There have been tons of edges like these that we’ve had to deal with. The whole process has given me a renewed appreciation for how much more complicated identity is than you would, at first, imagine.

What you can’t do…

As I said, this is a step on the journey. There’s lots you can’t do yet. By far the biggest and most important one is that you can’t attach an existing VSO account to an AAD directory. You can only do it while creating a new account. Enabling attaching existing accounts is the next scenario on our list and, last I checked, we were estimating about 3 more sprints of work to get that done.

I know what you are thinking… How can I create a new account, move all my stuff over to the new account and keep working? Stop. Don’t go there. It’s complicated. If you just want to sync your source, create a new account and check it in – basically starting over, go ahead. But if you hope to preserve history, work items, tests, etc. Don’t. Just wait a few sprints and we’ll enable you to add AAD. Down the other path, you’ll pull out half your hair and probably be done about the time we introduce the feature anyway.

There are other things that still need to get done beyond that. For instance, once you can attach AAD to your VSO account, you will be able to add your Microsoft Accounts as external identities to your AAD and keep working. However, some of you, maybe most of you, would sure like to be able to move all of your work from your Microsoft Account to your linked on-premises AD identity – so for example, change bharry_msft@hotmail.com to bharry@microsoft.com. We have yet more work to do to enable that and I don’t have a timeline but likely later this year. You will also want to be able to use your Active Directory groups to manage permissions (and other things) in VSO – also likely to happen later this year.

So, this is not the end but rather it is an important step.

As I said, I’ve found that identity is way more complicated than you’d expect and I’ve found that our current docs are not great at telling you everything you need to know. I’ve asked that we put together a one stop shop page that contains a good explanation, links to resources and an FAQ to really help people sort through it all and create a solution that works well for them. I’ll let you know as soon as we have it.

It’s an incredibly exciting step and I think once we get the next step (ability to support pre-existing VSO accounts), we’ll cover the most pressing needs. We’ll finish this out and start ramping up on the next most pressing requirement – process template customization.

I would not hold my breath. After the experience I had last night simply trying to order Office 365 Home for my family, it took almost 2.5 hours to convince the store to sell it to me and then permit me to install it, they cannot seem to even get the Office 365 to play nicely with the way their own phone OS works.

I still have not gotten my Lumina Icon to sign in and I used the same Microsoft account for both which apparently causes a conflict which has the 2 teams pointing fingers at each other. I can only imagine the hoops you will have to jump through to get all those services to work together.

5 years ago

Digvijava

Does process template customization include changing the name of team projects, we have a pressing need to change the names of our team projects.

@Betty, no on-prem doesn't support ADFS and the Azure Active Directory work doesn't help. We would have to explicitly decide to prioritize ADFS work. So far, we haven't had enough demand to justify it.

@Digvijava, No process template customization is mostly about being able to change work item schema. We are working on Team Project rename though and I hope to have more to say about it later this year.

Brian

5 years ago

JosAnt

This latest update (or the one before) has killed our use of the Kanban board in Visual Studio Online. We use the board in conjunction with the backlog prioritization. Priorities are set by dragging items up and down in the backlog view and the process steps and work item state is captured using the board – I think this is a great way to work!

But recently stuff is jumping around seemingly at randomly on the board – when the Product Owner changes the priorites for items the Kanban Board columns of the affected items are reset. This kills a great way of working with Visual Studio Online. I found a bug already registered on Connect and I am promoting internally trying to get everyone I work with to vote on the item!

I wanted to post here too because I think that this makes VSO a non-starter for Kanban teams.

@JosAnt, I'm sorry to hear it. I've been using the kanban board a lot lately and haven't seen this. I don't doubt you – it's just working fine for me. I've forwarded your issue to a couple of people on the team to look at. I suspect someone will get back to you shortly.

Fast fixes to problems are great, but it is the other trend we have been seeing with Visual Studio/TFS development that makes betting on their whole development tools as a service approach a nonstarter for me.

What happens when they decide, like they did with the setup projects, to suddenly drop/replace a feature from their product? With on premise software I can control when we move to the new version and so be able to explain to my bosses why, after I finish the current release, I will have to delay the next feature they are demanding because I have to rewrite an existing feature they uses a technology that Microsoft has decided to no longer support.

But with the development tools as a service approach you no longer have any control over when fixes/new releases are being applied and so a controlled, proactive approach is no longer possible and you are forever in reactionary mode with Microsoft having the power to completely derail your project with little, or no, notice.

Hi, There’s no doubt that your blog might be having browser compatibility
issues. When I take a look at your blog in Safari, it looks fine
however when opening in I.E., it’s got some overlapping issues.
I merely wanted to give you a quick heads up! Other than that,
wonderful website!